Governments demanding and getting security source code

The war between wetware and hardware.
User avatar
Pyrrho
Posts: 23320
Joined: Sat Jun 05, 2004 2:17 am
Title: Man in Black
Location: Division 6
Has thanked: 2244 times
Been thanked: 2081 times

Governments demanding and getting security source code

Postby Pyrrho » Mon Jul 03, 2017 12:22 pm

http://gizmodo.com/in-worrisome-move-ka ... 1796587120

Over the last couple of weeks, there’s been a disturbing trend of governments demanding that private tech companies share their source code if they want to do business. Now, the US government is giving the same ultimatum and it’s getting what it wants.
The flash of light you saw in the sky was not a UFO. Swamp gas from a weather balloon was trapped in a thermal pocket and reflected the light from Venus.

User avatar
Rob Lister
Posts: 18682
Joined: Sun Jul 18, 2004 7:15 pm
Title: Recursive Spline Reticulator
Location: Hiding under ed's bed
Has thanked: 472 times
Been thanked: 470 times

Re: Governments demanding and getting security source code

Postby Rob Lister » Mon Jul 03, 2017 12:39 pm

Doing business in general or doing business with the government? It's hard to argue with the logic of the latter.

User avatar
Anaxagoras
Posts: 18823
Joined: Wed Mar 19, 2008 5:45 am
Location: Yokohama/Tokyo, Japan
Has thanked: 1084 times
Been thanked: 814 times

Re: Governments demanding and getting security source code

Postby Anaxagoras » Mon Jul 03, 2017 11:55 pm

The latter according to the article

The company’s willingness to share its source code comes after a proposal was put forth in the Senate that “prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab.” It goes on to say, “The Secretary of Defense shall ensure that any network connection between … the Department of Defense and a department or agency of the United States Government that is using or hosting on its networks a software platform [associated with Kaspersky Lab] is immediately severed.”
A fool thinks himself to be wise, but a wise man knows himself to be a fool.
William Shakespeare

User avatar
Witness
Posts: 11873
Joined: Thu Sep 19, 2013 5:50 pm
Has thanked: 1209 times
Been thanked: 1704 times

Re: Governments demanding and getting security source code

Postby Witness » Tue Jul 04, 2017 12:27 am

So computers protected by antivirus/firewall are taken offline, and the rest left online?

Just joking… :P

User avatar
Rob Lister
Posts: 18682
Joined: Sun Jul 18, 2004 7:15 pm
Title: Recursive Spline Reticulator
Location: Hiding under ed's bed
Has thanked: 472 times
Been thanked: 470 times

Re: Governments demanding and getting security source code

Postby Rob Lister » Tue Jul 04, 2017 12:45 am

Anaxagoras wrote:The latter according to the article

The company’s willingness to share its source code comes after a proposal was put forth in the Senate that “prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab.” It goes on to say, “The Secretary of Defense shall ensure that any network connection between … the Department of Defense and a department or agency of the United States Government that is using or hosting on its networks a software platform [associated with Kaspersky Lab] is immediately severed.”


Seems reasonable, to be honest. It is a foreign made product that has complete control over the system. It is the proverbial fox guarding the hen house.

They should hold Microsoft to the same standards.

As should we all.

But then we'd all be running Linux.
Rhymes with cynics.

heh.

User avatar
gnome
Posts: 20452
Joined: Tue Jun 29, 2004 12:40 am
Location: New Port Richey, FL
Has thanked: 256 times
Been thanked: 259 times

Re: Governments demanding and getting security source code

Postby gnome » Mon Jul 10, 2017 4:36 pm

You say "Linux" and I say "Line-ux"
You say "Gif" and I say "Jif"
Linux, Line-ux, Gif, Jif,
You're wrong, and you can fuck off.
"If fighting is sure to result in victory, then you must fight! Sun Tzu said that, and I'd say he knows a little bit more about fighting than you do, pal, because he invented it, and then he perfected it so that no living man could best him in the ring of honor. Then, he used his fight money to buy two of every animal on earth, and then he herded them onto a boat, and then he beat the crap out of every single one. And from that day forward any time a bunch of animals are together in one place it's called a zoo! (Beat) Unless it's a farm!"
--Soldier, TF2

User avatar
Rob Lister
Posts: 18682
Joined: Sun Jul 18, 2004 7:15 pm
Title: Recursive Spline Reticulator
Location: Hiding under ed's bed
Has thanked: 472 times
Been thanked: 470 times

Re: Governments demanding and getting security source code

Postby Rob Lister » Sun Sep 10, 2017 12:11 pm

And now Best Buy has removed it from their actual and virtual shelves. They're offering other-product free replacement for any active subscription.
https://www.theverge.com/2017/9/9/16280 ... ersecurity

There's still no actual evidence of any wrong-doing on the part of Kaspersky other than just being Russian. While that is justification enough for a U.S. government computers, which should be using open source or at least American products anyway, it has practically zero to do with consumers.

User avatar
Abdul Alhazred
Posts: 65417
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 1841 times
Been thanked: 815 times

Re: Governments demanding and getting security source code

Postby Abdul Alhazred » Sun Sep 10, 2017 12:28 pm

There's something that doesn't add up about the Best Buy story.

People buying anti virus software at an actual physical store?

Which means they are paying for it, right?

:roll: :roll: :roll: :roll: :roll:
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

User avatar
Rob Lister
Posts: 18682
Joined: Sun Jul 18, 2004 7:15 pm
Title: Recursive Spline Reticulator
Location: Hiding under ed's bed
Has thanked: 472 times
Been thanked: 470 times

Re: Governments demanding and getting security source code

Postby Rob Lister » Wed Oct 11, 2017 11:49 am

And know we know [more].
https://arstechnica.com/information-tec ... comments=1

Nutshell: Israel hacked Kaspersky network and watched as Russian hacked kaspersky's network. The irony is staggering.

Israeli intelligence officers informed the NSA that, in the course of their Kaspersky hack, they uncovered evidence that Russian government hackers were using Kaspersky's access to aggressively scan for American government classified programs and pulling any findings back to Russian intelligence systems. [Israeli intelligence] provided their NSA counterparts with solid evidence of the Kremlin campaign in the form of screenshots and other documentation, according to the people briefed on the events.

User avatar
ed
Posts: 30501
Joined: Tue Jun 08, 2004 11:52 pm
Title: Modulator
Has thanked: 343 times
Been thanked: 570 times

Re: Governments demanding and getting security source code

Postby ed » Wed Oct 11, 2017 12:10 pm

Query: If the source code is public, what is the point of the software?
- new minimalist ethos -

User avatar
Rob Lister
Posts: 18682
Joined: Sun Jul 18, 2004 7:15 pm
Title: Recursive Spline Reticulator
Location: Hiding under ed's bed
Has thanked: 472 times
Been thanked: 470 times

Re: Governments demanding and getting security source code

Postby Rob Lister » Wed Oct 11, 2017 12:18 pm

ed wrote:Query: If the source code is public, what is the point of the software?


Lots of software is open-source. Some of the best, in fact. The license for use doesn't go away.

User avatar
ed
Posts: 30501
Joined: Tue Jun 08, 2004 11:52 pm
Title: Modulator
Has thanked: 343 times
Been thanked: 570 times

Re: Governments demanding and getting security source code

Postby ed » Wed Oct 11, 2017 12:35 pm

stupid question. sorry.

Wait, not really. Why in the world would you use security software where the code is public. Does that not give snoops a leg up on breaking it?

Do I know what I'm talking about modulo stupidity?
- new minimalist ethos -

User avatar
Rob Lister
Posts: 18682
Joined: Sun Jul 18, 2004 7:15 pm
Title: Recursive Spline Reticulator
Location: Hiding under ed's bed
Has thanked: 472 times
Been thanked: 470 times

Re: Governments demanding and getting security source code

Postby Rob Lister » Wed Oct 11, 2017 12:46 pm

I suppose so but it also gives a big leg up in making it bulletproof. <--an unobtainable goal of course

User avatar
Mentat
Posts: 9646
Joined: Tue Nov 13, 2007 11:00 pm
Location: Hangar 18
Has thanked: 23 times
Been thanked: 59 times

Re: Governments demanding and getting security source code

Postby Mentat » Wed Oct 11, 2017 12:48 pm

ed wrote:stupid question. sorry.

Wait, not really. Why in the world would you use security software where the code is public. Does that not give snoops a leg up on breaking it?

Do I know what I'm talking about modulo stupidity?


There are tools for reconstructing source code from binary files. Being open source also gives security experts a leg up on fixing problems as well. For state actors, closed source isn't much of a hindrance.
It's "pea-can", man.

Lapis Sells . . . But Who's Buying?

User avatar
Abdul Alhazred
Posts: 65417
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 1841 times
Been thanked: 815 times

Re: Governments demanding and getting security source code

Postby Abdul Alhazred » Wed Oct 11, 2017 12:48 pm

Here's the point -- for the "normal" end user (such as moi), I am not running my anti virus / anti malware software to protect myself from NSA exploits.

This is analogous to the fact that the lock on my front door will not protect me from expert lock pickers of the "intelligence community". And it is not a problem at all that the way the front door lock works is publicly available information.

For the zhlub, there is no protection from "state actors" besides obscurity + luck.
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

User avatar
ed
Posts: 30501
Joined: Tue Jun 08, 2004 11:52 pm
Title: Modulator
Has thanked: 343 times
Been thanked: 570 times

Re: Governments demanding and getting security source code

Postby ed » Wed Oct 11, 2017 12:57 pm

Abdul Alhazred wrote:Here's the point -- for the "normal" end user (such as moi), I am not running my anti virus / anti malware software to protect myself from NSA exploits.

This is analogous to the fact that the lock on my front door will not protect me from expert lock pickers of the "intelligence community". And it is not a problem at all that the way the front door lock works is publicly available information.

For the zhlub, there is no protection from "state actors" besides obscurity + luck.



Don't you mean ...

For the zhlub, there is no protection from "state actors" besides obscurity modulo luck? :wink:
- new minimalist ethos -

User avatar
Abdul Alhazred
Posts: 65417
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 1841 times
Been thanked: 815 times

Re: Governments demanding and getting security source code

Postby Abdul Alhazred » Wed Oct 11, 2017 1:07 pm

I was going easy on you for your birthday.

BTW, glad to see you're your old self again.
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale

User avatar
ed
Posts: 30501
Joined: Tue Jun 08, 2004 11:52 pm
Title: Modulator
Has thanked: 343 times
Been thanked: 570 times

Re: Governments demanding and getting security source code

Postby ed » Wed Oct 11, 2017 1:55 pm

that is actually a drawing of me in the face area. Does it make me look thin?
- new minimalist ethos -

User avatar
Abdul Alhazred
Posts: 65417
Joined: Mon Jun 07, 2004 1:33 pm
Title: Yes, that one.
Location: Chicago
Has thanked: 1841 times
Been thanked: 815 times

Re: Governments demanding and getting security source code

Postby Abdul Alhazred » Wed Oct 11, 2017 1:57 pm

I'll look at you on a better monitor tonight. ;)
Image "If I turn in a sicko, will I get a reward?"

"Yes! A BIG REWARD!" ====> Click here to turn in a sicko
Any man writes a mission statement spends a night in the box.
-- our mission statement plappendale


Return to “Computers”

Who is online

Users browsing this forum: CCBot [Bot] and 0 guests